According to https://docs.docker.com/registry/spec/api/ I can call /v2/<name>/tags/list
to get a list of the tags for a given image. It works fine, e.g.:
{"name"=>"avi/test", "tags"=>["latest"]}
However, I would like the digest for each tag. Yes, the "digest" is actually the hash of the manifest (at least as I best understood it from the API; not 100% clear). However, I would like a way of knowing what a unique identifier for "latest" (and every other tag) is.
Use case: I might have someone tag a version as latest, and want to check if it is up to date:
docker push avi/test:2.6
docker tag avi/test:2.6 avi/test:latest
docker push avi/test:latest
# build 2.7
docker push avi/test:2.7
# oops! Forgot to tag latest to 2.7
In the above case, if I can check not just the tags - which will give me "2.6", "2.7", "latest" - but also the digest (at least of the manifest), I can find what various tags point to, audit, etc.
AFAIK, there isn't a digest API. However, according to the v2 API spec you can do a HEAD
or GET
request against /v2/<name>/manifests/<reference>
. The response will include a Docker-Content-Digest
header containing the digest of the specified manifest (e.g. latest
).